Vulnerabilidades en clerk
5 resultadosCVE-2024-22206CRITICAL@clerk/nextjs auth() and getAuth() methods vulnerable to insecure direct object reference (IDOR)EPSS 0.7%CVE-2026-41248CRITICALOfficial Clerk JavaScript SDKs: Middleware-based route protection bypassEPSS 0.3%CVE-2026-34076HIGHClerk JavaScript: SSRF in the opt-in clerkFrontendApiProxy feature may leak secret keys to unintended hostEPSS 0.3%CVE-2026-42349HIGHClerk: Authorization bypass when combining organization, billing, or reverification checksEPSS 0.2%CVE-2025-53548HIGH@clerk/backend Performs Insufficient Verification of Data AuthenticityEPSS 0.2%